@INFO.POLICY

Who is using IT the most to invade our privacy?

Robert Gellman

Which entity presents a bigger threat to personal privacy: the government or the private sector?

When I started working on privacy issues in the 1970s, I thought that the government was the biggest part of the privacy problem. Federal agencies were then at the forefront of the mainframe era, and the combination of government power and ever-increasing computer data and surveillance capabilities offered the prospect of an Orwellian future.

Government power hasn't shrunk any in the last couple of decades, while the private sector has caught up in the power curve of computers.

But government systems capabilities have nevertheless increased exponentially. Federal databases, such as the Labor Department's for new hires, pop up like weeds. Clearly, the typical citizen still has a lot to fear from the government.

Today it is also easy to make a case for the private sector being the bigger threat. Companies collect, compile and resell as much personal information as they can. Every time you engage in a transaction that includes your name, phone number, credit card number or other identifier, you are likely to be added to someone's list without notice and without consent. If you call an 800 or 900 number, the person receiving the call can find out the number you called from and how the phone is registered.

Marketers want to know everything about you. Much demand for personal data is driven by the relentless appetite of companies to fine-tune their marketing of goods and services. Marketers sell lists sorted by income, family size, credit history, ethnic origin, leisure pursuits and religion, to name a few characteristics. Their desire for consumer data is unlimited, and their capability to collect the data is nearly unlimited.

Go no farther than your supermarket for an example of the expanding insistence by the private sector for personal information. Ten years ago, no one had a record of what items you bought.

Today, shopper programs force many customers to trade personal information for discounts. Customers are not getting bigger discounts than in the past, but they now have to share personal data to get sale items.

No grocery secrets

The result is that the supermarkets have detailed and long-term customer profiles they can exploit without any statutory restriction at all. Supermarkets know when you buy ground beef, fat-free cookies, Marlboros, beer, baby food, organic vegetables, condoms or Preparation H.

It may be only a matter of time before individuals are held accountable for their supermarket purchases in employment, child custody fights, insurance applications or even political campaigns.

Private sector data collection will increase as long as consumers do not voice objections. Profiling Americans by companies using transaction records, public records and modeled data will continue to expand. The dossier that reveals everything about you is likely to be maintained by the private sector.

Who do you vote for, public or private?

It's more difficult to distinguish between the public and private sectors when it comes to privacy threats. The public sector collects quantities of personal data and often releases the data to companies that combine it with more data and demographic information to create profiles. The private sector sometimes sells the profiles back to the government. The lines between public and private are beginning to disappear.

A good example of the convergence of public and private data operations comes from The Washington Post. A January story reported that several states were selling digitized drivers' license photographs to a company for use in private fraud prevention activities. In each state, approval of the sale of the photos occurred without any public notice or debate.

That news story created a firestorm of public opposition. Politicians who had authorized the photo sales moved quickly to stop the disclosures. A later story revealed that the company had received funding from the Secret Service and had plans to use the database for governmental purposes including fighting terrorism, crime and illegal immigration.

We may not be able to agree on the winner of the privacy invasion sweepstakes, but we can tell who the losers are.

Robert Gellman is a Washington privacy and information policy consultant. His e-mail address is rgellman@cais.com.
